views: 200
answers: 2
Other than RATS, are there any other Perl security scanners?

Possibly also any STATIC only perl code graph engine which has an ability to follow data-flow or otherwise tainted input?

+3  A: 

Perl::Critic implements a number of security checks largely based upon the book Perl Best Practices. Given that Perl::Critic is written using the PPI parser, it probably can achieve much greater introspection than RATS can.

That said, no code scanner or utility is going to find security errors that are the result of just poor programming practices. A few simple best practices can go a long way. The perlsec manpage goes into detail about many Perl security issues, and has some good practical advice.

From my own experience auditing mountains of bad code:

  • Always use taint mode (-T flag)
  • Always use strict
  • Always use warnings
  • Always use placeholders in DBI code
  • Always scrutinize and sanitize any input before using it as a filename, method/function name, or argument to a system call
  • Avoid string eval whenever possible; it's inefficient, anyway. Never put user input into an eval string.

I'm sure there's more that I'm not remembering at the moment, but it's late. :)

friedo
It doesn't really implement security checks because it has no idea what any of the code is actually doing. It can, however, tell you about questionable code locally. It can't tell you anything about what will happen when you run the code, however.
brian d foy
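The practices listed in the answer above, put together in one runnable script. This is an added example, not code from the answer or from Perl::Critic; it assumes DBD::SQLite is installed (any DBI driver works the same way) and uses a constructed value from %ENV to stand in for web or command-line input.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed input standing in for a form field or argv value (assumption).
my $user_input = $ENV{REPORT_NAME} // 'q1_2024';

# Under -T, anything from %ENV, @ARGV, STDIN or files is tainted, and using it
# as a filename, in system()/exec()/backticks, or with -T's other checks dies
# with "Insecure dependency". The only way to untaint is a regex capture, so
# the capture pattern doubles as the allow-list for the value.
my ($report) = $user_input =~ /\A([A-Za-z0-9_]{1,32})\z/
    or die "Rejecting report name: not in the allow-list pattern\n";

# Sanity check: the captured copy is clean, the original is still tainted.
die "untaint failed\n" if tainted($report);

# Placeholders: the value travels separately from the SQL text, so quote
# characters in user input can never change the statement's structure.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE reports (name TEXT PRIMARY KEY, owner TEXT)');
$dbh->do('INSERT INTO reports (name, owner) VALUES (?, ?)',
    undef, $report, 'alice');

my ($owner) = $dbh->selectrow_array(
    'SELECT owner FROM reports WHERE name = ?', undef, $report);
print "owner of $report: $owner\n";

# External command: taint mode refuses to run anything until PATH and the
# shell-influencing variables are under the script's control (see perlsec).
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# List-form system() never involves a shell, so the argument is passed
# literally. The string form, system("ls -l /var/reports/$user_input.txt"),
# would both die under -T and hand shell metacharacters to /bin/sh.
system('/bin/ls', '-l', "/var/reports/$report.txt") == 0
    or warn "ls exited with status $?\n";
```

Run it as `perl -T script.pl` (or via the shebang); starting it with plain `perl script.pl` fails with "Too late for -T", which is itself a useful guard against the flag being dropped. The regex capture is the important line: it is the one place where the program states exactly which input it is willing to pass on to the filesystem and the shell.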
A: 

With respect to a graph engine, I just found PPI:

> Parse, Analyze and Manipulate Perl (without perl)

Key features include:

  1. Documentation (of perl code)
  2. Structural and Quality Analysis
  3. Refactoring
  4. Layout
  5. Presentation
RandomNickName42
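A small illustration of the kind of structural check PPI makes possible, added here as an example that is not part of the answer or of the PPI distribution. It walks the parse tree of a constructed snippet and reports `system`/`exec` calls that pass an interpolated string (hence a shell) and string `eval`s, while leaving list-form `system` and `eval BLOCK` alone. It assumes PPI is installed; as brian d foy's comment notes, this is purely lexical, so it flags the shape of the call, not whether the interpolated variable is actually attacker-controlled.

```perl
use strict;
use warnings;
use PPI;

# Constructed sample source to scan (not real project code).
my $sample = <<'PERL';
my $cmd = $ARGV[0];
system("ls $cmd");          # shell string with interpolation
system('ls', $cmd);         # list form, no shell involved
eval "print $cmd";          # string eval built from data
eval { risky() };           # eval BLOCK, not a string eval
PERL

# Returns a list of human-readable findings for one chunk of Perl source.
sub find_risky_calls {
    my ($source) = @_;
    my $doc = PPI::Document->new(\$source)
        or die 'parse failed: ' . PPI::Document->errstr;
    my @findings;

    for my $word (@{ $doc->find('PPI::Token::Word') || [] }) {
        my $name = $word->content;
        next unless $name =~ /\A(?:eval|system|exec)\z/;

        # The first significant thing after the call name is its argument.
        my $arg = $word->snext_sibling or next;

        # Descend through a parenthesised argument list: system(...) / eval(...)
        if ($arg->isa('PPI::Structure::List')) {
            my $expr = $arg->schild(0) or next;
            $arg = $expr->schild(0) or next;
        }

        # eval { ... } runs code already in the file; nothing to report.
        next if $name eq 'eval' && $arg->isa('PPI::Structure::Block');

        if ($arg->isa('PPI::Token::Quote::Double') && $arg->interpolations) {
            # "ls $cmd": the string is assembled at run time and, for
            # system/exec, handed to a shell as a single command line.
            push @findings, sprintf 'line %d: %s with interpolated string %s',
                $word->line_number, $name, $arg->content;
        }
        elsif ($name eq 'eval' && !$arg->isa('PPI::Token::Quote')) {
            # eval $str / eval $x . $y: source text that is not a literal.
            push @findings, sprintf 'line %d: eval of a non-literal expression',
                $word->line_number;
        }
    }
    return @findings;
}

print "$_\n" for find_risky_calls($sample);
```

The traversal only sees tokens, so a `system` used as a hash key or method name would need extra filtering, and a variable that was untainted two lines earlier looks identical to one that was not. That gap between "this call has a dangerous shape" and "this call receives tainted data" is exactly what the question's data-flow requirement asks for and what a token-level tool cannot answer on its own; running such code under `-T` supplies the missing run-time half.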